Luciano Fiandesio - Docker 101 | Codemotion Milan 2015

Post on 11-Apr-2017

DOCKER 101

FROM 0 TO DOCKER IN 30 MINUTES

Luciano Fiandesio / @ishipsoftware

WHO'S LUCIANO

Generalist

25 years of software development

Consulting on lightweight approach to software factory

Author of "Groovy 2 Cookbook" for Packt

Dad

github: https://github.com/luciano-fiandesio

ABOUT YOU

AGENDA

What is Docker

Docker components

Live Demo

Additional resources

DOCKER STATS

25.000 GitHub stars

425M+ Docker Engine downloads

100.000+ Dockerized applications on DockerHub

180+ Docker Meetup Groups in 50 countries

950 community contributors

50.000 3rd party projects on GitHub using Docker in PaaS, OS, CI etc.

WHAT IS DOCKER?

Docker vs. Virtualization

THIS IS WHAT MAKES DOCKER SO POWERFUL

LXC CONTAINERS

Available in modern kernels since 2008

Generically isolates resource usage (CPU, memory, disk, network)

Guarantee resources to app/set of apps

Can be adjusted on the fly

Can monitor the cgroup itself to see utilization

KERNEL NAMESPACES

Isolating views of the system

Can make a process think it’s the only process

Built-in way to "virtualize" a process

KERNEL NAMESPACES

mnt (mount points, filesystem)

pid (processes)

net (network stack)

ipc (inter-process comms)

uts (hostname)

user (UIDs)
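The six namespace types above can be inspected per process under /proc/<pid>/ns on Linux. The following is an added example, not part of the original slides: it compares two processes' namespace identifiers to show which views are isolated. The sample inode numbers are constructed, and the container sample assumes a Docker daemon without user-namespace remapping, in which case the user namespace is shared and UID 0 in the container is UID 0 on the host.

```python
import os

# Namespace types from the slide above.
NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user")


def parse_ns_link(link):
    """Parse a /proc/<pid>/ns/* symlink target such as 'pid:[4026531836]'."""
    kind, sep, rest = link.partition(":[")
    if not sep or not rest.endswith("]") or not rest[:-1].isdigit():
        raise ValueError("not a namespace link: %r" % link)
    return kind, int(rest[:-1])


def read_namespaces(pid="self"):
    """Return {type: inode} for a live process (Linux only)."""
    result = {}
    for ns in NS_TYPES:
        try:
            _, inode = parse_ns_link(os.readlink("/proc/%s/ns/%s" % (pid, ns)))
        except (OSError, ValueError):
            continue  # namespace type unsupported, or no permission to read it
        result[ns] = inode
    return result


def isolated_namespaces(host, container):
    """Namespace types where the two processes see different instances."""
    return sorted(ns for ns in NS_TYPES
                  if ns in host and ns in container and host[ns] != container[ns])


# Constructed sample: a host shell and a process inside a container.
# The inode numbers are made up; only equal / not equal matters.
SAMPLE_HOST = {"mnt": 4026531840, "pid": 4026531836, "net": 4026531992,
               "ipc": 4026531839, "uts": 4026531838, "user": 4026531837}
SAMPLE_CONTAINER = {"mnt": 4026532571, "pid": 4026532574, "net": 4026532577,
                    "ipc": 4026532573, "uts": 4026532572, "user": 4026531837}

if __name__ == "__main__":
    print("isolated:", isolated_namespaces(SAMPLE_HOST, SAMPLE_CONTAINER))
    print("this process:", read_namespaces())
```
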

CGROUPS - CONTROL GROUPS

Built into Kernel

Generically isolates resource usage (CPU, memory, disk, network)

Guarantee resources to app/set of apps

Can be adjusted on the fly

Can monitor the cgroup itself to see utilization

WHAT ABOUT PERFORMANCE?

Processes are isolated, but run directly on the host

CPU - native performance

Memory - a few % required for bookkeeping

Network - small overhead, can be reduced to 0

TO RECAP

Content Agnostic

Hardware Agnostic

Content Isolation

Automation

Highly Efficient

Separation of Concerns

DOCKER CONCEPTS

DOCKER ENGINE

Docker is a simple client/server application

A Docker client talks to a Docker daemon, which executes the work

Docker executables are written in Go

The Docker daemon also exposes a RESTful API

Both client and server must be executed as root!

DOCKER IMAGES

Read-only templates from which containers are launched

Each image consists of a series of layers using the Union File System

When an image gets modified, a new layer is created

Docker can also use additional file systems

WHAT DOES AN IMAGE LOOK LIKE?

First the bootfs is loaded

Then, the root fs is mounted (Ubuntu, etc) in read-only mode

The remaining layers are mounted

Thanks to the UnionFS, the layers look like one FS

Finally, when the container is launched, Docker mounts a read-write layer

THINK OF IMAGES AS THE SOURCE CODE OF YOUR CONTAINERS!

DOCKER CONTAINERS

A container is started from an image, which may be locally created, cached locally, or downloaded from a registry

It "looks & feels" like a VM

Ridiculously fast boot time

Low resource usage

CONTAINERS - GOOD TO KNOW

Containers are meant to run a single process

Decouple applications into separate containers — one for each process

Don’t install unnecessary packages: smaller images!

Build containers that are easy to replace

DOCKER FILES

Image representations

Simple syntax for describing an image

Automate and script the image creation

Easy to learn (looks like Shell!)

Fast and reliable

DOCKERFILE EXAMPLE

# Version: 0.0.1
FROM ubuntu:14.04
MAINTAINER Rocky Balboa "rocky@gmail.com"
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80
RUN echo 'deb http://download-distro.mongodb.org/repo/ubuntu-upstart dist 10gen'
RUN apt-get update
# note the -y flag, for non-interactive installs
RUN apt-get install -y mongodb-org
RUN mkdir -p /data/db
# This mongo instance will run in a container,
# so it must be configured to accept connections from foreign hosts
RUN echo "bind_ip = 0.0.0.0" >> /etc/mongodb.conf
EXPOSE 27017
# Set the default command for this image
CMD ["mongod"]

Build the image

docker build -t="balboa/mongo" .
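A review of the Dockerfile above from a security point of view, as an added example that is not part of the original slides: a small auditor that parses instructions and reports a few properties worth checking before building. The finding names, the `FIXED` variant and the `mongodb` user in it are assumptions made for illustration; the sample is abridged from the slide and leaves out its two truncated RUN lines.

```python
import re

def parse_dockerfile(text):
    """Return [(INSTRUCTION, args)]; comments dropped, backslash continuations joined."""
    instructions, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        word, _, args = (pending + line).partition(" ")
        instructions.append((word.upper(), args.strip()))
        pending = ""
    return instructions

def audit(text):
    """Return sorted finding codes for a Dockerfile."""
    ins = parse_dockerfile(text)
    findings = set()
    if not any(name == "USER" for name, _ in ins):
        findings.add("runs-as-root")           # no USER: CMD runs as uid 0
    for name, args in ins:
        if name == "FROM" and args:
            ref = args.split()[0]
            leaf = ref.rsplit("/", 1)[-1]      # image[:tag] without registry/path
            if "@" not in ref and (":" not in leaf or leaf.endswith(":latest")):
                findings.add("unpinned-base")  # base can change between builds
        if name == "RUN" and re.fullmatch(r"apt-get\s+update", args):
            findings.add("stale-apt-cache")    # index cached apart from install
        if name == "RUN" and re.search(r"bind_ip\s*=\s*0\.0\.0\.0", args):
            findings.add("binds-all-interfaces")  # exposure decided at publish time
    return sorted(findings)

# Abridged from the slide's Dockerfile.
SLIDE = """\
FROM ubuntu:14.04
RUN apt-get update
RUN apt-get install -y mongodb-org
RUN mkdir -p /data/db
RUN echo "bind_ip = 0.0.0.0" >> /etc/mongodb.conf
EXPOSE 27017
CMD ["mongod"]
"""

# Constructed variant: update and install in one layer, non-root user (assumed name).
FIXED = SLIDE.replace("update\nRUN apt-get", "update && apt-get").replace(
    "CMD", "USER mongodb\nCMD")
```

The remaining `binds-all-interfaces` finding is not fixed in the image: the service has to listen inside the container, so reachability is controlled by how the port is published at run time and by enabling authentication.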

DOCKER REGISTRY

Application dedicated to the storage and distribution of your Docker images

Useful when a company wants to share images internally

Docker offers a commercial version, named "Docker Trusted Registry"

DOCKER HUB

A cloud hosted service from Docker that provides registry capabilities for public and private content.

Useful for sharing images at large or collaborating within a team

Useful for automation workflows

DOCKER MACHINE

A tool to simplify the automatic creation, configuration and management of Docker-enabled machines, whether they are VMs running locally in Virtualbox or in a cloud provider such as AWS

$ docker-machine create --driver virtualbox dev # create a machine locally using VirtualBox
$ docker-machine create --driver digitalocean dev-cloud # create a machine on DigitalOcean

DOCKER COMPOSE

A tool for running multi-container applications

Single file configuration

Great for dev environments, CI, staging

Written in Python; formerly Fig (acquired by Docker)

Useful for building complex environments in a reproducible way

DEMO TIME!

DOCKER COMMAND LINE

$ docker search # search hub.docker.com for an image
$ docker pull # download an image
$ docker images # list all existing local images
$ docker run # starts a container from an image
$ docker ps # list running containers
$ docker build # build an image from a Dockerfile

SOME DOCKER 'RUN' FLAGS

-d # runs the container in detached mode (background process)
-t # runs the container using a pseudo-tty
-i # uses interactive mode
--name # assign a name, instead of autogenerated one

START/KILL/REMOVE CONTAINERS

docker stop # stops a container
docker start # starts a container
docker attach # attach to a container
docker rm # remove a container
docker rmi # remove an image

CONTAINERS COMMUNICATION

Containers can be linked together (container linking)

Container linking works well on a single host, but large-scale systems need other discovery mechanisms.

$ docker run -d --name database -e MYSQL_ROOT_PASSWORD=root mysql

$ docker run -d --link database:db --name web runseb/hostname

$ docker run -d --link web:application --name lb nginx

CONTAINERS VOLUMES

Docker can mount host volumes in read/write mode. Data are shared between host and container

$ docker run -ti -v "$PWD":/shared ubuntu:14.04 /bin/bash
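What the linking and volume commands above expose, as an added example that is not part of the original slides: legacy links copy the source container's environment into the recipient as `<ALIAS>_ENV_<NAME>` variables, and a host directory mounted without `:ro` is writable from inside the container. The function names are hypothetical, and only variables passed with `-e` on the command line are modelled (variables set by the image's ENV are copied the same way).

```python
import shlex

def parse_run(command):
    """Extract --name, -e, --link and -v values from one `docker run` line."""
    argv = shlex.split(command.lstrip("$ "))
    spec = {"name": None, "env": {}, "links": [], "volumes": []}
    it = iter(argv)
    for arg in it:
        if arg == "--name":
            spec["name"] = next(it, None)
        elif arg in ("-e", "--env"):
            key, _, value = next(it, "").partition("=")
            spec["env"][key] = value
        elif arg == "--link":
            source, _, alias = next(it, "").partition(":")
            spec["links"].append((source, alias or source))
        elif arg in ("-v", "--volume"):
            spec["volumes"].append(next(it, ""))
    return spec

def env_seen_through_links(commands):
    """Map each container to the <ALIAS>_ENV_<NAME> variables its links give it."""
    specs = [parse_run(c) for c in commands]
    by_name = {s["name"]: s for s in specs if s["name"]}
    leaked = {}
    for s in specs:
        for source, alias in s["links"]:
            for key in by_name.get(source, {"env": {}})["env"]:
                leaked.setdefault(s["name"], []).append(
                    "%s_ENV_%s" % (alias.upper(), key))
    return leaked

def writable_host_mounts(command):
    """Container paths backed by a host directory mounted without ':ro'."""
    out = []
    for vol in parse_run(command)["volumes"]:
        parts = vol.split(":")
        mode = parts[2].split(",") if len(parts) > 2 else []
        is_host_path = parts[0].startswith(("/", ".", "~", "$"))
        if len(parts) >= 2 and is_host_path and "ro" not in mode:
            out.append(parts[1])
    return out

# The commands from the two slides above.
RUN_COMMANDS = [
    "$ docker run -d --name database -e MYSQL_ROOT_PASSWORD=root mysql",
    "$ docker run -d --link database:db --name web runseb/hostname",
    "$ docker run -d --link web:application --name lb nginx",
]
VOLUME_COMMAND = '$ docker run -ti -v "$PWD":/shared ubuntu:14.04 /bin/bash'
```

For the slide's commands, `web` receives the database root password as `DB_ENV_MYSQL_ROOT_PASSWORD`, and `/shared` is reported as a writable host mount; appending `:ro` to the volume argument clears the second finding.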

ADDITIONAL RESOURCES

WE JUST SCRATCHED THE SURFACE!

ECOSYSTEM

Orchestration

Clustering

Discovery

Cloud

Monitoring

Logging

Security

LINKS

Docker training - http://training.docker.com/

Docker cheat sheet - https://github.com/wsargent/docker-cheat-sheet

More links! - http://www.nkode.io/2014/08/24/valuable-docker-links.html

Docker ecosystem - mind blowing - https://www.mindmeister.com/389671722/docker-ecosystem

Docker videos - https://www.youtube.com/user/dockerrun